diff mbox series

[FFmpeg-devel,1/2] avformat/tls_schannel: always decrypt all received data

Message ID 20200512220525.9911-2-jeebjp@gmail.com
State Accepted
Commit 39977fff20048f1798a95c593d6034a0e73ebbe5
Headers show
Series avformat/tls_channel: fixes to make keep-alive work | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Jan Ekström May 12, 2020, 10:05 p.m. UTC 
The dec_buf seems to be properly managed between read calls,
and we have no logic to decrypt before attempting socket I/O.
Thus - until now - such data would not be decrypted in case of
connections such as HTTP keep-alive, as the recv call would
always get executed first, block until rw_timeout, and then get
retried by retry_transfer_wrapper.

Thus - if data is received - decrypt all of it right away. This way
it is available for the following requests in case they can be
satisfied with it.
---
 libavformat/tls_schannel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Hendrik Leppkes May 12, 2020, 10:41 p.m. UTC | #1 
On Wed, May 13, 2020 at 12:35 AM Jan Ekström <jeebjp@gmail.com> wrote:
>
> The dec_buf seems to be properly managed between read calls,
> and we have no logic to decrypt before attempting socket I/O.
> Thus - until now - such data would not be decrypted in case of
> connections such as HTTP keep-alive, as the recv call would
> always get executed first, block until rw_timeout, and then get
> retried by retry_transfer_wrapper.
>
> Thus - if data is received - decrypt all of it right away. This way
> it is available for the following requests in case they can be
> satisfied with it.
> ---
>  libavformat/tls_schannel.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/tls_schannel.c b/libavformat/tls_schannel.c
> index 4f0badcb8d..7a8842e7fe 100644
> --- a/libavformat/tls_schannel.c
> +++ b/libavformat/tls_schannel.c
> @@ -424,7 +424,7 @@ static int tls_read(URLContext *h, uint8_t *buf, int len)
>          c->enc_buf_offset += ret;
>      }
>
> -    while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK && c->dec_buf_offset < len) {
> +    while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK) {
>          /*  input buffer */
>          init_sec_buffer(&inbuf[0], SECBUFFER_DATA, c->enc_buf, c->enc_buf_offset);
>
> --
> 2.26.2

 LGTM.

- Hendrik
diff mbox series

Patch

diff --git a/libavformat/tls_schannel.c b/libavformat/tls_schannel.c
index 4f0badcb8d..7a8842e7fe 100644
--- a/libavformat/tls_schannel.c
+++ b/libavformat/tls_schannel.c
@@ -424,7 +424,7 @@  static int tls_read(URLContext *h, uint8_t *buf, int len)
         c->enc_buf_offset += ret;
     }
 
-    while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK && c->dec_buf_offset < len) {
+    while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK) {
         /*  input buffer */
         init_sec_buffer(&inbuf[0], SECBUFFER_DATA, c->enc_buf, c->enc_buf_offset);